Accepting request 619412 from Archiving

OBS-URL: https://build.opensuse.org/request/show/619412 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/unzip?expand=0&rev=43
2018-07-04 21:52:05 +00:00 · 2018-07-04 21:52:05 +00:00 · de75b402e7
commit de75b402e7
parent 7ce6b95501 04e2f23972
6 changed files with 93 additions and 0 deletions
--- a/Fix-CVE-2014-9636-unzip-buffer-overflow.patch
+++ b/Fix-CVE-2014-9636-unzip-buffer-overflow.patch
@ -0,0 +1,41 @@
 From 190040ebfcf5395a6ccedede2cc9343d34f0a108 Mon Sep 17 00:00:00 2001
 From: mancha <mancha1 AT zoho DOT com>
 Date: Wed, 11 Feb 2015
 Subject: Info-ZIP UnZip buffer overflow
 By carefully crafting a corrupt ZIP archive with "extra fields" that
 purport to have compressed blocks larger than the corresponding
 uncompressed blocks in STORED no-compression mode, an attacker can
 trigger a heap overflow that can result in application crash or
 possibly have other unspecified impact.
 This patch ensures that when extra fields use STORED mode, the
 "compressed" and uncompressed block sizes match.
 ---
 extract.c | 7 +++++++
 1 file changed, 7 insertions(+)
 --- unzip60/extract.c	
 +++ unzip60/extract.c	
@@ -2230,6 +2230,7 @@ static int test_compr_eb(__G__ eb, eb_si
     ulg eb_ucsize;
     uch *eb_ucptr;
     int r;
 +    ush method;
     if (compr_offset < 4)                /* field is not compressed: */
         return PK_OK;                    /* do nothing and signal OK */
@@ -2246,6 +2247,13 @@ static int test_compr_eb(__G__ eb, eb_si
      ((eb_ucsize > 0L) && (eb_size <= (compr_offset + EB_CMPRHEADLEN))))
         return IZ_EF_TRUNC;             /* no/bad compressed data! */
 +    method = makeword(eb + (EB_HEADSIZE + compr_offset));
 +    if ((method == STORED) &&
 +        (eb_size != compr_offset + EB_CMPRHEADLEN + eb_ucsize))
 +        return PK_ERR;                    /* compressed & uncompressed
 +                                          * should match in STORED
 +                                          * method */
 +
     if (
 #ifdef INT_16BIT
         (((ulg)(extent)eb_ucsize) != eb_ucsize) ||
--- a/unzip-rcc.changes
+++ b/unzip-rcc.changes
@ -1,3 +1,13 @@
 -------------------------------------------------------------------
 Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
 - Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
  unable to process Windows zip64 archives because Windows
  archivers set total_disks field to 0 but per standard, valid
  values are 1 and higher [bnc#910683]
 - Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
  overflow for STORED field data [bnc#914442] [CVE-2014-9636]
 -------------------------------------------------------------------
 Wed May 16 19:44:45 UTC 2018 - antoine.belvire@opensuse.org
--- a/unzip-rcc.spec
+++ b/unzip-rcc.spec
@ -57,6 +57,8 @@ Patch16:        CVE-2015-7697.patch
 Patch17:        CVE-2016-9844.patch
 Patch18:        CVE-2014-9913.patch
 Patch19:        CVE-2018-1000035.patch
 Patch20:        Fix-CVE-2014-9636-unzip-buffer-overflow.patch
 Patch21:        unzip60-total_disks_zero.patch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 Recommends:     %{_name}-doc
@ -100,6 +102,8 @@ functionality. This version can also extract encrypted archives.
 %patch17 -p1
 %patch18 -p1
 %patch19 -p0
 %patch20 -p1
 %patch21 -p1
 %build
 export RPM_OPT_FLAGS="%{optflags} \
--- a/unzip.changes
+++ b/unzip.changes
@ -1,3 +1,13 @@
 -------------------------------------------------------------------
 Wed Jun 27 11:39:10 UTC 2018 - kstreitova@suse.com
 - Add unzip60-total_disks_zero.patch that fixes a bug when unzip is
  unable to process Windows zip64 archives because Windows
  archivers set total_disks field to 0 but per standard, valid
  values are 1 and higher [bnc#910683]
 - Add Fix-CVE-2014-9636-unzip-buffer-overflow.patch to fix heap
  overflow for STORED field data [bnc#914442] [CVE-2014-9636]
 -------------------------------------------------------------------
 Wed May 16 19:44:45 UTC 2018 - antoine.belvire@opensuse.org
--- a/unzip.spec
+++ b/unzip.spec
@ -57,6 +57,8 @@ Patch16:        CVE-2015-7697.patch
 Patch17:        CVE-2016-9844.patch
 Patch18:        CVE-2014-9913.patch
 Patch19:        CVE-2018-1000035.patch
 Patch20:        Fix-CVE-2014-9636-unzip-buffer-overflow.patch
 Patch21:        unzip60-total_disks_zero.patch
 Requires(post): update-alternatives
 Requires(postun): update-alternatives
 Recommends:     %{_name}-doc
@ -100,6 +102,8 @@ functionality. This version can also extract encrypted archives.
 %patch17 -p1
 %patch18 -p1
 %patch19 -p0
 %patch20 -p1
 %patch21 -p1
 %build
 export RPM_OPT_FLAGS="%{optflags} \
--- a/unzip60-total_disks_zero.patch
+++ b/unzip60-total_disks_zero.patch
@ -0,0 +1,24 @@
 Index: unzip60/process.c
 ===================================================================
 --- unzip60.orig/process.c
 +++ unzip60/process.c
@@ -1286,7 +1286,8 @@ static int find_ecrec64(__G__ searchlen)
             G.ecrec.number_this_disk, ecloc64_total_disks); fflush(stdout);
 #endif
     if ((G.ecrec.number_this_disk != 0xFFFF) &&
 -        (G.ecrec.number_this_disk != ecloc64_total_disks - 1)) {
 +        (G.ecrec.number_this_disk != ecloc64_total_disks - 1) &&
 +        (ecloc64_total_disks != 0)) {
       /* Note: For some unknown reason, the developers at PKWARE decided to
          store the "zip64 total disks" value as a counter starting from 1,
          whereas all other "split/span volume" related fields use 0-based
@@ -1296,6 +1297,9 @@ static int find_ecrec64(__G__ searchlen)
          When this is not the case, the found ecrec64 locator cannot be valid.
          -> This is not a Zip64 archive.
        */
 +      /* There are archive creators that put 0 in total disks when it should
 +         be 1.  We should handle this.  This is done by the added check above.
 +      */
       Trace((stderr,
              "\ninvalid ECLOC64, differing disk# (ECR %u, ECL64 %lu)\n",
              G.ecrec.number_this_disk, ecloc64_total_disks - 1));